Adversarial Tradecraft in Cybersecurity - Dan Borges
Adversarial Tradecraft in Cybersecurity: Offense versus defense in real-time computer conflict - 2021
This book, authored by Dan Borges, is a remarkable piece of work. Borges has a wealth of experience in cyber security and has also coached teams participating in various cyber competitions. What sets this book apart is its comprehensive coverage of both the offensive and defensive sides, offering detailed insight into the perspectives of both attackers and defenders.
Intelligence-Driven Incident Response: Scott J. Roberts and Rebekah Brown
Intelligence-Driven Incident Response: Outwitting the Adversary - 2017
This book is included in both my top Cyber Threat Intelligence (CTI) and Incident Response (IR) book lists. All too often incident responders are flying blind, not knowing what to look for or whether they have fully remediated an incident. This book concisely illustrates the importance of CTI as a driver for better IR. It presents the F3EAD model (Find, Fix, Finish, Exploit, Analyze, and Disseminate) as the cornerstone of that process.
Practical Threat Intelligence and Data-Driven Threat Hunting - Valentina Costa-Gazcón
Practical Threat Intelligence and Data-Driven Threat Hunting: A hands-on guide to threat hunting with the ATT&CK™ Framework - 2021
This book is included in both my top Cyber Threat Intelligence (CTI) and Incident Response (IR) book lists. It lays out the threat hunting (TH) process in detail, with examples: starting with CTI to understand your adversaries, then moving into TH activities. A real-world example based on Quasar RAT is used.
Network Forensics: Tracking Hackers through Cyberspace - S. Davidoff and J. Ham - 2012
In Incident Response (IR) there is a saying: "the network doesn't lie." This is an older book, but it is very good at covering the fundamental network concepts relevant to IR. IR often starts with the network (e.g., "Why is my system X communicating over the network with Z?").
Applied Incident Response - Steve Anson
Applied Incident Response - 2020
This is a really solid book that provides understandable chapter summaries of several key areas of Incident Response (IR), including quick system triage, memory acquisition and analysis, Network Security Monitoring (NSM), event log analysis, and disk forensics.
Troubleshooting with the Windows Sysinternals Tools - M. Russinovich and A. Margosis
Troubleshooting with the Windows Sysinternals Tools - 2016
This isn't a Windows Incident Response (IR) or Windows forensics book (there are several good Windows forensics books). It covers each of the Microsoft Sysinternals tools developed by Mark Russinovich. Not only are these tools useful for Windows IR, but understanding the data they collect about Windows gives someone starting out in IR a graphical view of the kind of data that is critical to understand in Windows IR.
Linux Forensics - Dr. Phillip Polstra
Linux Forensics - 2015
Dr. Phil Polstra does an excellent job in this book of providing real-world tips and examples for Linux Incident Response (IR). Another great feature of this book is its dozens of bash script examples for performing IR tasks in Linux environments.
Practical Linux Forensics: A Guide for Digital Investigators - Bruce Nikkel
Practical Linux Forensics: A Guide for Digital Investigators - 2021
A large tome of up-to-date information related to Linux forensics.